Et Tu, Grammarly? - Hacker News

nikolay 7 days ago|

I am happy with Microsoft's free grammar checker extension - Microsoft Editor [0], which supports foreign languages as well... although I still pay for Grammarly. Microsoft's works more smoothly and on more sites, including Hacker New!

[0]: https://chromewebstore.google.com/detail/microsoft-editor-sp...

jgalt212 7 days ago||

  - Access your data for all websites
  - Display notifications to you
  - Access browser tabs

> They could also, you know, not inject their code into every web page ever, unless the extension is actually used?

I guess we know why Grammarly never has any problems raising more funding.

vhantz 7 days ago||

Do you know how they managed to inject stylesheets into every page bypassing CSP?

daquisu 7 days ago||

It is done by the extension without any fancy stuff. Extensions can load static js / css and bypass CSP with it, if it is declared in their manifest.json. Grammarly's manifest.json is here: https://gist.github.com/Daquisu/11eb1a7000b4141c4404edcc6e16...

For more advanced CSP bypass with extension, you can:

1. Inject JS code into any webpage with a CSP.

2. Create an event listener for your content script and reacting according to it.

3. Use your content script to communicate with the background script.

4. Use the background script to communicate with any website, including blocked websites by the CSP.

Basically, any website <-> extension content script <-> background script <-> any website.

regularjack 7 days ago|

Et toi

meesles 7 days ago||

https://en.wikipedia.org/wiki/Et_tu,_Brute%3F

xandrius 7 days ago||

"Et tu" is indeed correct.from "Et tu, Brute" by William Shakespeare.